DDoS Attack

What is a DDoS Attack?

A Distributed Denial of Service (DDoS) is a type of DoS attack in which multiple compromised systems are used to target a single system. These types of attacks can cause significant, widespread damage because they usually impact the entire infrastructure and create disruptive, expensive downtimes.

DDoS vs. DoS

As mentioned above, a DDoS attack is a type of DoS attack. The primary way to distinguish a DDoS attack from another type of DoS attack is to look at how the attack is being executed. In a DDoS attack, the incoming traffic flooding the victim originates from many different sources, potentially hundreds of thousands or more. This effectively makes it impossible to stop the attack simply by blocking a single IP address; it is also very difficult to distinguish legitimate user traffic from attack traffic when it is spread across so many points of origin.

How DDoS attacks work

DDoS attacks are often made possible by a Trojan horse, a type of malware that’s disguised as an innocuous file or program. Once the attackers have compromised multiple devices and created a botnet, they use a Command and Control (C2) server to direct it against the targeted system until that system overloads and ultimately fails. The specific method of attack can vary.

Types of DDoS attacks

  • Volumetric attacks: Volumetric attacks usually consume bandwidth resources by creating a huge volume of traffic, which prevents legitimate users from accessing the target system. Types of volumetric attacks include DNS amplification, in which the attacker uses the target’s IP address when initiating a request for a large amount of data. This means the server is simultaneously sending and receiving the same data and subsequently becomes overwhelmed.
  • Protocol attacks: Protocol attacks target the network resources by overwhelming the firewall or load balancer, which is why they’re also sometimes called state-exhaustion attacks. Types of protocol attacks include SYN flooding, in which the attacker manipulates the 3-step handshake of a TCP connection until the network resources are consumed and no additional devices can establish a new connection.
  • Application layer attacks: Application layer attacks are used to deplete resources in the application layer. In these types of attacks, bots send several million complicated application requests simultaneously so the system gets overwhelmed very quickly. Types of application layer attacks include HTTP flooding, which is effectively similar to refreshing a browser repeatedly from numerous devices.

There are a number of measures users can put in place to prevent or mitigate the repercussions of a DDoS attack. Developing and regularly reevaluating a response plan and implementing multi-level threat management systems are valuable tactics that can prevent expensive downtimes as the result of a DDoS attack. It’s also important to monitor the network for any warning signs. Symptoms of an imminent DDoS attack include high volumes of traffic that:

  • Come from one IP address or range of IP addresses
  • Go to a single webpage
  • Come from a single common user characteristic (such as geolocation)
  • Occur at unexpected times of day
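
The four warning signs above can be checked mechanically against request logs. The following is an added example, not part of the original article: the record layout, the 50% threshold and the expected-hours window are assumptions, and the sample records are constructed.

```python
from collections import Counter
from ipaddress import ip_network

def sample_records():
    """Constructed (time, source_ip, country, path) tuples; not real traffic."""
    countries = ["US", "DE", "JP", "BR"]
    paths = ["/", "/about", "/docs", "/pricing"]
    # Baseline: 40 requests from varied networks and pages, 09:00-16:00.
    rows = [(f"2024-05-01T{9 + i % 8:02d}:00:00", f"10.{i}.0.5",
             countries[i % 4], paths[i % 4]) for i in range(40)]
    # Burst: 160 requests from 50 hosts in one /24, one page, at 03:00.
    rows += [(f"2024-05-01T03:{i % 60:02d}:00", f"203.0.113.{i % 50 + 1}",
              "ZZ", "/login") for i in range(160)]
    return rows

def concentration(records, threshold=0.5, expected_hours=range(8, 19)):
    """Map each warning sign to (dominant value, share of requests) when
    that share exceeds `threshold` (an assumed cut-off; tune per site)."""
    if not records:
        return {}
    total = len(records)
    dims = {
        "source_ip": lambda r: r[1],
        # Group addresses by /24 so an attack spread over one range shows up.
        "source_range": lambda r: str(ip_network(r[1] + "/24", strict=False)),
        "country": lambda r: r[2],   # the shared user characteristic
        "path": lambda r: r[3],      # a single webpage receiving the traffic
    }
    flagged = {}
    for name, key in dims.items():
        value, count = Counter(map(key, records)).most_common(1)[0]
        if count / total > threshold:
            flagged[name] = (value, round(count / total, 2))
    # Share of requests arriving outside the hours this site normally sees.
    off = sum(int(r[0][11:13]) not in expected_hours for r in records) / total
    if off > threshold:
        flagged["off_hours"] = ("outside expected hours", round(off, 2))
    return flagged

if __name__ == "__main__":
    for sign, (value, share) in concentration(sample_records()).items():
        print(f"{sign}: {value} carries {share:.0%} of requests")
```

No single address dominates in the constructed burst, so the per-IP check stays quiet while the range, page, country and time-of-day checks all fire. That is the reason blocking one IP address does not stop a distributed attack.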

 

Vangie Beal
Vangie Beal is a freelance business and technology writer covering Internet technologies and online business since the late '90s.
